Skip to content

_loadVerified assembly offsets are still wrong on main (PR #37 fix was not applied) #50

Description

@Sertug17

This was fixed in PR #37 but the PR was closed without merging. The fix was never applied to main.

src/CertManager.sol lines 581-584 still have wrong offsets:

ca := mload(add(packed, 0x1))        // should be 0x0
notAfter := mload(add(packed, 0x9))   // should be 0x1
maxPathLen := mload(add(packed, 0x11)) // should be 0x9
subjectHash := mload(add(packed, 0x31)) // should be 0x11

abi.encodePacked layout: ca(1) || notAfter(8) || maxPathLen(8) || subjectHash(32) || pubKey(48)

The warm cache path calls _loadVerified for every previously verified cert. With wrong offsets, cached certs return garbage values for ca, notAfter, maxPathLen and subjectHash. This affects the NitroValidator flow via verifyCachedCertBundle.

Fix diff in PR #37: #37

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions